Running Varnish 4.x on systemd

Mattias Geniar, Sunday, March 15, 2015

If you're thinking about running Varnish 4.x on a systemd system, you may be surprised that many of your "older" configs no longer work.

Now I don't mean the actual VCL files, those have a seriously changed syntax and there are proper documentations on handling a 3.x to 4.x upgrade.

I mean the /etc/sysconfig/varnish config, that will no longer work in a systemd world. It's being replaced by a /etc/varnish/varnish.params file, that is being included by systemd.

To see what's going on under the hood, check out the systemd configuration file at /usr/lib/systemd/system/varnish.service.

$ cat /usr/lib/systemd/system/varnish.service
[Unit]
Description=Varnish a high-perfomance HTTP accelerator
After=syslog.target network.target

[Service]
# Maximum number of open files (for ulimit -n)
LimitNOFILE=131072

# Locked shared memory (for ulimit -l)
# Default log size is 82MB + header
LimitMEMLOCK=82000

# Maximum size of the corefile.
LimitCORE=infinity

EnvironmentFile=/etc/varnish/varnish.params

Type=forking
PIDFile=/var/run/varnish.pid
PrivateTmp=true
ExecStartPre=/usr/sbin/varnishd -C -f $VARNISH_VCL_CONF
ExecStart=/usr/sbin/varnishd \
	-P /var/run/varnish.pid \
	-f $VARNISH_VCL_CONF \
	-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
	-T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
	-t $VARNISH_TTL \
	-u $VARNISH_USER \
	-g $VARNISH_GROUP \
	-S $VARNISH_SECRET_FILE \
	-s $VARNISH_STORAGE \
	$DAEMON_OPTS

ExecReload=/usr/sbin/varnish_reload_vcl

[Install]
WantedBy=multi-user.target

Most importantly, it loads the file /etc/varnish/varnish.params that can/should contain environment variables, that you can use to manipulate the systemd service.

At the very end, it contains the $DAEMON_OPTS variable. Previous sysconfig files would have that contain the entire startup parameter for varnish, including the -a parameter (what port to listen on), -S (the secret file), ... etc. With the Varnish 4.x configs on systemd, the $DAEMON_OPTS should only contain the additional parameters that aren't already specified in the varnish.service file.

For example, you should limit the varnish.params file to something like this.

$ cat /etc/varnish/varnish.params
# Varnish environment configuration description. This was derived from
# the old style sysconfig/defaults settings
RELOAD_VCL=1
VARNISH_VCL_CONF=/etc/varnish/default.vcl
VARNISH_LISTEN_PORT=80
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
VARNISH_SECRET_FILE=/etc/varnish/secret
VARNISH_STORAGE="file,/var/lib/varnish/varnish_storage.bin,1G"
VARNISH_TTL=120
VARNISH_USER=varnish
VARNISH_GROUP=varnish
#DAEMON_OPTS="-p thread_pool_min=5 -p thread_pool_max=500 -p thread_pool_timeout=300"

If you're migrating from a sysconfig-world, one of the most important changes is that the systemd-config requires a user and group environment variable, which wasn't set previously.

$ cat /etc/varnish/varnish.params
...
VARNISH_USER=varnish
VARNISH_GROUP=varnish
...

For all other changed parameters in the $DAEMON_OPTS list, check out the Varnish man-pages (man varnishd) that contain very accurate documentations on what parameters are allowed and which have been changed.



Hi! My name is Mattias Geniar. I'm a Support Manager at Nucleus Hosting in Belgium, a general web geek & public speaker. Currently working on DNS Spy & Oh Dear!. Follow me on Twitter as @mattiasgeniar.

Share this post

Did you like this post? Will you help me share it on social media? Thanks!

Comments

Hernan Wednesday, June 10, 2015 at 20:04 - Reply

Thanks a lot, man!

Your posts are really useful. You got a new follower!


thoroc Tuesday, December 15, 2015 at 16:21 - Reply

What is the system you are using? I am currently on Ubuntu 15.10 and there isn’t a /usr/lib/systemd/system folder, but a /lib/systemd/system folder (which I have used to store the varnish.service file). This makes the above a bit awkward when trying to figure out the correct file to edit.


Leave a Reply

Your email address will not be published. Required fields are marked *